<?php

/**
 * 登录界面
 * ============================================================================
 * * 版权所有 2012 铭迈（上海）实业有限公司，并保留所有权利。
 * 网站地址: http://www.mingmailtd.com/；
 * ----------------------------------------------------------------------------
 * 仅用于公司内部人员使用。
 * ============================================================================
 * $Author: zhangmingming $
 * $Id: lib_smart.php 2012/6/25 15:34:03 $
 */

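define('IN_MMOA', true);

require(dirname(__FILE__) . '/includes/init.php');

// Requested action. A missing or non-string "act" falls back to the default
// action (show the login form) instead of raising an undefined-index notice.
$act = (isset($_REQUEST['act']) && is_string($_REQUEST['act'])) ? $_REQUEST['act'] : '';

// Already logged in: go straight to the main page.
if (!empty($_SESSION['username']))
{
	header("Location: ./main.php");
	// header() does not end the script; without exit the action dispatcher
	// below would still run for this request after the redirect was queued.
	exit;
}

// Not logged in, no action requested: show the login form.
if ($act === '')
{
	// One-shot flags set by a previous request; reset after being shown once.
	if(!empty($_SESSION['login_error'])){
		$smarty->assign('loginError', '1');
		$_SESSION['login_error'] = '0';
	}
	if(!empty($_SESSION['reg_ok'])){
		$smarty->assign('regOk', '1');
		$_SESSION['reg_ok'] = '0';
	}
	$smarty->assign('name', 'Zhang Mingming');
	
	$departments = department_show();
	$smarty->assign('departments', $departments);
	$smarty->assign('mm_show', 'loginform');
	
	clear_caches();
	$smarty->display('index.tpl');
}
// Login attempt: check the submitted credentials.
elseif ($act === 'login')
{
	// Only accept scalar string fields; an array-valued field (username[]=...)
	// would otherwise reach trim()/md5() and fail or hash an empty value.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
	$raw_password = (isset($_POST['Passwd']) && is_string($_POST['Passwd'])) ? $_POST['Passwd'] : '';
	$department = (isset($_POST['department']) && is_string($_POST['department'])) ? trim($_POST['department']) : '';
	
	// NOTE(review): passwords are stored and compared as unsalted MD5 digests.
	// Moving to password_hash()/password_verify() needs a migration of the
	// stored e_pass values and a change to login_check(), so it is flagged
	// here rather than changed.
	$password = md5($raw_password);
	
	if (login_check($username, $password, $department))
	{
		// NOTE(review): the session id is not rotated at this privilege change.
		// Session setup lives in includes/init.php (not visible here) - confirm
		// that layer issues a fresh id on login to prevent session fixation.
		$_SESSION['username'] = $username;
		$_SESSION['department'] = $department;
		header("Location: ./main.php");
		exit;
	}
	else
	{
		// Flag the failure for the next page view and return to the login form.
		$_SESSION['login_error'] = '1';
		header("Location: ./");
		exit;
	}
}
// Registration form.
elseif ($act === 'reg')
{
	$departments = department_show();
	$smarty->assign('departments', $departments);
	$smarty->assign('mm_show', 'regform');
	
	clear_caches();
	$smarty->display('index.tpl');
}
// Registration submission.
elseif ($act === 'signin')
{
	$reg_info = array();
	
	// Plain text fields, trimmed. e_no is intentionally not collected.
	$text_fields = array(
		'e_depart', 'e_name', 'e_sex', 'e_college', 'e_card_id',
		'e_home_address', 'e_address', 'e_phone', 'e_emerg_contact', 'e_emerg_phone'
	);
	foreach ($text_fields as $field)
	{
		$reg_info[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
	}
	
	// Password and confirmation are hashed before comparison in reg_check().
	// NOTE(review): same unsalted-MD5 concern as in the login branch.
	foreach (array('e_pass', 'e_repass') as $field)
	{
		$raw_value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		$reg_info[$field] = md5($raw_value);
	}
	
	if (reg_check($reg_info))
	{	
		$_SESSION['reg_ok'] = '1';
		header("Location: ./");
		exit;
	}
	else
	{
		echo 'error';
		echo '<br>';
		echo '<a href="./reg.php">back</a>';
	}
}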


//*************************-- FUNCTIONS
/**
 * Check whether an employee row matches the given name, password value and department.
 *
 * @param string $username   Value compared against the e_name column.
 * @param string $password   Value compared against the e_pass column (the caller in this file passes an MD5 hex digest).
 * @param string $department Value compared against the e_depart column.
 * @return bool True when the lookup returns a truthy id, false otherwise.
 */
function login_check($username, $password, $department)
{
	// NOTE(review): all three values are placed into the SQL text as-is, so this
	// query is only as safe as the escaping done before the call. Nothing in this
	// file escapes them; confirm whether includes/init.php does, and prefer bound
	// parameters or connection-aware escaping from the DB wrapper if it offers them.
	$query = sprintf(
		"SELECT id FROM %s where e_name = '%s' AND e_pass = '%s' AND e_depart = '%s'",
		$GLOBALS['mmoa']->table('employees'),
		$username,
		$password,
		$department
	);
	
	// Any truthy id means a matching employee exists.
	return (bool) $GLOBALS['db']->getOne($query);
}

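/**
 * Insert a new employee row when the password and its confirmation match.
 *
 * @param array $reg_info Registration fields keyed by column name; must also
 *                        contain 'e_pass' and 'e_repass' (the caller in this
 *                        file passes MD5 hex digests for both).
 * @return bool False when the two password values differ (nothing is inserted),
 *              true after the INSERT statement has been issued.
 */
function reg_check($reg_info)
{
	// Strict comparison on purpose: with a loose == two different digests that
	// both look like "0e<digits>" are compared as numbers and treated as equal,
	// so a mismatched confirmation would be accepted.
	if ($reg_info['e_pass'] !== $reg_info['e_repass'])
	{
		return false;
	}
	
	$columns = array(
		'e_depart', 'e_name', 'e_pass', 'e_sex', 'e_college', 'e_card_id',
		'e_home_address', 'e_address', 'e_phone', 'e_emerg_contact', 'e_emerg_phone'
	);
	
	// NOTE(review): the values are quoted but not escaped in this function, so
	// the statement is only as safe as the escaping done before the call.
	// Confirm whether includes/init.php escapes request data, and prefer bound
	// parameters or connection-aware escaping from the DB wrapper if available.
	$values = array();
	foreach ($columns as $column)
	{
		$values[] = "'" . $reg_info[$column] . "'";
	}
	
	$sql = "INSERT INTO " . $GLOBALS['mmoa']->table('employees') .
		" (`" . implode("`, `", $columns) . "`)" .
		" VALUES (" . implode(", ", $values) . ")";
	
	// NOTE(review): the result of query() is not inspected, so a failed INSERT
	// is still reported as success unless the wrapper aborts on error - confirm.
	$GLOBALS['db']->query($sql);
	
	return true;
}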



?>